Posts posted by Kishiro

  1. This is what I use, it works nicely. :D

    REGEDIT4

    ;Turn Off System Restore
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]
    "Start"=dword:00000004
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Parameters]
    "FirstRun"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice]
    "Start"=dword:00000004

  2. That's some great info GrofLuigi! :w00t:

    You figured it out.

    The first file you mentioned, fltmgr.sys (FS Filter Manager), is a new service which came with SP2. From what I can read about it, you don't really need this at all. You can easily disable it like this;

    REGEDIT4

    ; Stop the service from running
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FltMgr]
    "Start"=dword:00000004

    ; ..or remove FS Filter Manager altogether :)
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FltMgr]

    The main problem however, is the Mount Manager (mountmgr.sys)

    There are two places you need to hack/alter in the file if you want to get rid of the automatic creation of the SIV\MountPointManagerRemoteDatabase file:

    0A10: 5C 00 53 00 79 00 73 00 (...)

    9610: 6C 43 72 65 61 74 65 53 (...)

    But since I'm not a hacker, I wasn't able to successfully make it work as I wanted. I was able to disable the creation of the mountpoint(..) file by changing the first of the mentioned addresses of (0A10) 5C 00 53(...) to 5C 00 3F(..)

    But I was unable to change the automatic creation of the SIV folder, which I think is programmed into the second address (9610). When I tried to change that, I couldn't launch into Windows, bummer :(

    I'll leave the hacking to someone who knows what they're doing.

    However, you can make it work by replacing the mountmgr.sys file with the pre-SP2 build, which doesn't contain any of the aforementioned "always-create-crappy-files-on-my-drive" code as far as I can see.

    I found my original XP CD, and copied mountmgr.sys (Build 5.1.2600.0) to my Windows\System32\Drivers\ folder, and restarted the machine. I deleted the System Volume Information folder and have been running my machine for 17 hours. I've also restarted the machine 2-3 times to check if the folder gets back, and it surely does not.

    It's working like it used to under SP1 :thumbup

    I won't recommend doing any of this, unless you know what you're doing and are willing to take some risks.

    For your convenience, here's the original pre-SP2 Build 5.1.2600.0 of mountmgr.sys

    Click here

  3. Add this to your registry tweaks started by cmdlines.txt;

    ;Change location of temp folder
    [HKEY_CURRENT_USER\Environment]
    "TEMP"="c:\\temp"
    "TMP"="c:\\temp"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
    "TEMP"="c:\\temp"
    "TMP"="c:\\temp"

    Now, c:\Temp will be the default temp folder for all new users. PS: Remember to make the following folder: $OEM$\$1\Temp, so that the temp folder will be created during install.

  4. If you know that the memory reader always gets the same drive-letter during install, just submit that drive-letter from your batch-file.

    for %%i in (C: D: E: F: G: H: I: J: K: L: M: N: O: P: Q: R: S: T: U: V: W: X: Y: Z:) do if exist whateveryouwanttodo

    For instance, if the drive-letter is "d:" , just remove "d:" from the above code.

  5. You have to download the hacked version of "sfc_os.dll".

    You can get it from RyanVM (http://www.ryanvm.net/)

    And of course you also have to apply the following to your registry. But you've probably already added this to your hivesys.inf via nLite. If not, you might want to add it to your T-12 registry tweaks.

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "SFCSetting"=dword:ffffff9d

  6. I try to disable NetBIOS over TCP/IP in my WINNT.SIF, but it doesn't seem to work. "NetBIOSOptions=2" is there, but after installation I go to my NIC settings, and the WINS tab, and I can clearly see that the NetBIOS option is set to "Default" and not "Disabled".

    Can anyone see what's wrong here?

    Here's my winnt.sif;

    ;
    ;  W i N N T . S i F
    ;

    [Data]
     AutoPartition=0
     MsDosInitiated=0
     UnattendedInstall=Yes
     AutomaticUpdates=No

    [Unattended]
     UnattendMode=FullUnattended
     UnattendSwitch=Yes
     OemPreinstall=Yes
     OemSkipEula=Yes
     FileSystem=*
     WaitForReboot=No
     TargetPath=\WINDOWS
     DriverSigningPolicy=Ignore
     CrashDumpSetting=0
     Hibernation=No
     DisableDynamicUpdates=Yes
     KeyboardLayout=Norwegian

    [SystemFileProtection]
     SFCQuota=0

    [WindowsFirewall]
     Profiles=WindowsFirewall.TurnOffFirewall
    [WindowsFirewall.TurnOffFirewall]
     Mode=0

    [GuiUnattended]
     AdminPassword=*
     AutoLogon=No
     TimeZone=110
     OEMSkipRegional=1
     OemSkipWelcome=1
     EncryptedAdminPassword=No

    [Shell]
     DefaultThemesOff=Yes
     DefaultStartPanelOff=Yes

    [UserData]
     ProductKey=*deleted*
     FullName=-
     OrgName=
     ComputerName=*

    [RegionalSettings]
     LanguageGroup=1
     Language=00000414

    [TapiLocation]
     CountryCode=47

    [Identification]
     JoinWorkgroup=HELL

    [PCHealth]
     ER_Display_UI=0
     ER_Enable_Applications=None
     ER_Enable_Kernel_Error=0
     ER_Enable_Reporting=0
     ER_Enable_Windows_Components=0

    [Branding]
     BrandIEUsingUnattended=Yes

    [URL]
     Home_Page=http://www.msfn.org/

    [Networking]
     InstallDefaultComponents=No

    [NetAdapters]
     Adapter1=params.Adapter1
     Adapter2=params.Adapter2

    [params.Adapter1]
     INFID=*

    [params.Adapter2]
     INFID=*

    [NetClients]
     MS_MSClient=params.MS_MSClient

    [NetServices]
     MS_SERVER=params.MS_SERVER

    [NetProtocols]
     MS_TCPIP=params.MS_TCPIP

    [params.MS_TCPIP]
     DNS=Yes
     UseDomainNameDevolution=No
     EnableLMHosts=No
     AdapterSections=params.MS_TCPIP.Adapter1
     AdapterSections=params.MS_TCPIP.Adapter2

    [params.MS_TCPIP.Adapter1]
     DHCP=Yes
     WINS=No
     NetBIOSOptions=2

    [params.MS_TCPIP.Adapter2]
     SpecificTo=Adapter2
     DHCP=Yes
     WINS=No
     NetBIOSOptions=2

    [Components]
     indexsrv_system=off
     AutoUpdate=Off
     msmsgs=off
     msnexplr=off
     pinball=off
     spider=off
     WMAccess=Off
     WMPOCM=Off
     zonegames=off

    [GuiRunOnce]
     %systemdrive%\install\install.cmd

  7. Do any of you guys have experience in changing Registry permissions with a script using "regini" or "RegDACL" or other utils?

    What I would like to do on my unattended CD is to remove the "full control" permission for all users from the following key "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\" and also disable the "Inherit from parent the permission entries that apply to child objects(..)" on the aforementioned key.

    Does anyone know if it's possible to create a script that does this on the first logon?

    Any help would be appreciated.

    (For anyone who wonders what this does to the system, it forces the Start Menu and Favorites to always be alphabetically sorted.)

  8. @lpl

    My bad, use this instead;

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
    "SaveZoneInformation"=dword:00000001

    However, it should work without this key. This key only tells Windows not to store information at file level (applies to ntfs only) about in which "zone" you got the file you're trying to open. (Yes I know it's confusing that SaveZoneinformation=1 actually means don't save, and SaveZoneinformation=0 means save... stupid MS Logic... :} ).

    So, if you added the other values as you said, it should work perfectly. :lol: Remember to restart the machine after adding. Also, if you're using these reg-settings in an unattended setup, remember that many of the HKEY_CURRENT_USER keys must be added at the very end of the installation. Run regedit to check that they were applied correctly.

  9. This should do the trick :lol:

    -----------------------------------------------------------------------------------------------

    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
    "CheckExeSignatures"="no"
    "RunInvalidSignatures"=dword:00000001

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
    "SaveZoneInformation"=dword:00000001

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
    "LowRiskFileTypes"=".exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"

    -----------------------------------------------------------------------------------------------
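
Added example, not part of the original posts: a small Python check that parses a REGEDIT4 file and reports the download and attachment settings from the two posts above, so a tweak pack can be reviewed before it is merged into an unattended install. The function names, the `RISKY_EXTS` set and the sample text (with a shortened extension list) are constructed for this illustration.

```python
import re

# Constructed sample input: the tweak from the post above (extension list shortened).
SAMPLE_REG = r'''REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"=".exe;.bat;.reg;.htm;.jpg;"
'''

# Assumption: extensions from the post's list that run code or change
# configuration when opened.
RISKY_EXTS = {".exe", ".bat", ".com", ".cmd", ".reg", ".msi"}

def parse_reg(text):
    """Yield (key, value_name, data) from REGEDIT4 text; dword data becomes int."""
    key = None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            name, raw = m.groups()
            is_dword = raw.lower().startswith("dword:")
            yield key, name, int(raw[6:], 16) if is_dword else raw.strip('"')

def audit(text):
    """Return (value_name, reason) for each setting that relaxes download checks."""
    findings = []
    for key, name, data in parse_reg(text):
        leaf, n = key.rsplit("\\", 1)[-1].lower(), name.lower()
        if (leaf, n, str(data).lower()) == ("download", "checkexesignatures", "no"):
            findings.append((name, "signature check on downloads disabled"))
        elif (leaf, n, data) == ("download", "runinvalidsignatures", 1):
            findings.append((name, "files with invalid signatures allowed to run"))
        elif (leaf, n, data) == ("attachments", "savezoneinformation", 1):
            findings.append((name, "zone information not stored on saved files"))
        elif (leaf, n) == ("associations", "lowriskfiletypes"):
            exts = {e.strip().lower() for e in str(data).split(";") if e.strip()}
            risky = sorted(exts & RISKY_EXTS)
            if risky:
                findings.append((name, "treated as low risk: " + " ".join(risky)))
    return findings

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_REG):
        print(f"{name}: {reason}")
```
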

  10. @Benners

    Did you figure anything out?

    I've tried myself to solve this puzzle, but I can't seem to figure out which process is making the MountPointManagerRemoteDatabase files. The information on the net seems to be rather sparse. However, during my testing I've discovered that the files aren't really used or written to. I've disabled System Restore, the Indexing Service and the Distributed Link Tracking Service. If I delete the "System Volume Information" folders, they're recreated at startup. If I create the MountPointManagerRemoteDatabase file myself, clear the archive attribute, note down the timestamp and restart the machine, I can see that the timestamp has not been changed and the archive-bit is still off, hence no writing to the file. So some process is checking if the file exists; if it doesn't, it's recreated, but it seems the file itself is useless.
